linux/net
Ulisses Furquim 371fd83563 Bluetooth: Fix deadlocks with sock lock and L2CAP timers locks
When cancelling a delayed work (timer) in L2CAP we can not sleep holding
the sock mutex otherwise we might deadlock with an L2CAP timer handler.
This is possible because RX/TX and L2CAP timers run in different workqueues.
The scenario below illustrates the problem. Thus we are now avoiding to
sleep on the timers locks.

 ======================================================
 [ INFO: possible circular locking dependency detected ]
 3.1.0-05270-ga978dc7-dirty #239
 -------------------------------------------------------
 kworker/1:1/873 is trying to acquire lock:
  (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}, at: [<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth]

 but task is already holding lock:
  ((&(&chan->chan_timer)->work)){+.+...}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450

 which lock already depends on the new lock.

 the existing dependency chain (in reverse order) is:

 -> #1 ((&(&chan->chan_timer)->work)){+.+...}:
        [<ffffffff8106b276>] check_prevs_add+0xf6/0x170
        [<ffffffff8106b903>] validate_chain+0x613/0x790
        [<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0
        [<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0
        [<ffffffff81052a6f>] wait_on_work+0x4f/0x160
        [<ffffffff81052ca3>] __cancel_work_timer+0x73/0x80
        [<ffffffff81052cbd>] cancel_delayed_work_sync+0xd/0x10
        [<ffffffffa002f2ed>] l2cap_chan_connect+0x22d/0x470 [bluetooth]
        [<ffffffffa002fb51>] l2cap_sock_connect+0xb1/0x140 [bluetooth]
        [<ffffffff8130811b>] kernel_connect+0xb/0x10
        [<ffffffffa00cf98a>] rfcomm_session_create+0x12a/0x1c0 [rfcomm]
        [<ffffffffa00cfbe7>] __rfcomm_dlc_open+0x1c7/0x240 [rfcomm]
        [<ffffffffa00d07c2>] rfcomm_dlc_open+0x42/0x70 [rfcomm]
        [<ffffffffa00d3b03>] rfcomm_sock_connect+0x103/0x150 [rfcomm]
        [<ffffffff8130bd7e>] sys_connect+0xae/0xc0
        [<ffffffff813368d2>] compat_sys_socketcall+0xb2/0x220
        [<ffffffff813b2089>] sysenter_dispatch+0x7/0x30

 -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}:
        [<ffffffff8106b16d>] check_prev_add+0x6cd/0x6e0
        [<ffffffff8106b276>] check_prevs_add+0xf6/0x170
        [<ffffffff8106b903>] validate_chain+0x613/0x790
        [<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0
        [<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0
        [<ffffffff8130d91a>] lock_sock_nested+0x8a/0xa0
        [<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth]
        [<ffffffff81051ae4>] process_one_work+0x184/0x450
        [<ffffffff8105276e>] worker_thread+0x15e/0x340
        [<ffffffff81057bb6>] kthread+0x96/0xa0
        [<ffffffff813b1ef4>] kernel_thread_helper+0x4/0x10

 other info that might help us debug this:

  Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock((&(&chan->chan_timer)->work));
                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);
                                lock((&(&chan->chan_timer)->work));
   lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);

  *** DEADLOCK ***

 2 locks held by kworker/1:1/873:
  #0:  (events){.+.+.+}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450
  #1:  ((&(&chan->chan_timer)->work)){+.+...}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450

 stack backtrace:
 Pid: 873, comm: kworker/1:1 Not tainted 3.1.0-05270-ga978dc7-dirty #239
 Call Trace:
  [<ffffffff813a0f6e>] print_circular_bug+0xd2/0xe3
  [<ffffffff8106b16d>] check_prev_add+0x6cd/0x6e0
  [<ffffffff8106b276>] check_prevs_add+0xf6/0x170
  [<ffffffff8106b903>] validate_chain+0x613/0x790
  [<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0
  [<ffffffff8130d8f6>] ? lock_sock_nested+0x66/0xa0
  [<ffffffff8106ea30>] ? lock_release_nested+0x100/0x110
  [<ffffffff8130d8f6>] ? lock_sock_nested+0x66/0xa0
  [<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0
  [<ffffffffa002ceac>] ? l2cap_chan_timeout+0x3c/0xe0 [bluetooth]
  [<ffffffff8130d91a>] lock_sock_nested+0x8a/0xa0
  [<ffffffffa002ceac>] ? l2cap_chan_timeout+0x3c/0xe0 [bluetooth]
  [<ffffffff81051a86>] ? process_one_work+0x126/0x450
  [<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth]
  [<ffffffff81051ae4>] process_one_work+0x184/0x450
  [<ffffffff81051a86>] ? process_one_work+0x126/0x450
  [<ffffffffa002ce70>] ? l2cap_security_cfm+0x4e0/0x4e0 [bluetooth]
  [<ffffffff8105276e>] worker_thread+0x15e/0x340
  [<ffffffff81052610>] ? manage_workers+0x110/0x110
  [<ffffffff81057bb6>] kthread+0x96/0xa0
  [<ffffffff813b1ef4>] kernel_thread_helper+0x4/0x10
  [<ffffffff813af69d>] ? retint_restore_args+0xe/0xe
  [<ffffffff81057b20>] ? __init_kthread_worker+0x70/0x70
  [<ffffffff813b1ef0>] ? gs_change+0xb/0xb

Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-22 14:15:09 -02:00
..
9p net/9p: Convert net/9p protocol dumps to tracepoints 2011-10-24 11:13:12 -05:00
802 net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
8021q Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
appletalk net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
atm net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
ax25 net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
batman-adv Merge branch 'batman-adv/maint' of git://git.open-mesh.org/linux-merge 2011-10-30 03:05:07 -04:00
bluetooth Bluetooth: Fix deadlocks with sock lock and L2CAP timers locks 2011-12-22 14:15:09 -02:00
bridge Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
caif net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
can can: remove references to berlios mailinglist 2011-10-17 19:22:46 -04:00
ceph net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
core Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux 2011-11-22 14:05:46 -05:00
dcb net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
dccp Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
decnet net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
dns_resolver
dsa net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
econet af_econet: Use current logging styles and neatening 2011-07-03 20:05:16 -07:00
ethernet net: don't clear IFF_XMIT_DST_RELEASE in ether_setup 2011-09-15 14:49:44 -04:00
ieee802154 net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
ipv4 Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
ipv6 Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
ipx net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
irda net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
iucv net: more accurate skb truesize 2011-10-13 16:05:07 -04:00
key
l2tp l2tp: fix race in l2tp_recv_dequeue() 2011-11-03 18:02:13 -04:00
lapb wan: make LAPB callbacks const 2011-09-16 19:20:20 -04:00
llc net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
mac80211 mac80211: Fixing sparse warning at sta_info.c 2011-12-19 15:06:09 -05:00
netfilter Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
netlabel Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net 2011-08-20 10:39:12 -07:00
netlink af_unix: dont send SCM_CREDENTIALS by default 2011-09-28 13:29:50 -04:00
netrom net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
nfc NFC: use kfree_skb() for sk_buffs 2011-12-19 14:40:23 -05:00
packet af_packet: de-inline some helper functions 2011-11-03 18:11:51 -04:00
phonet net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
rds Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
rfkill net: rfkill: convert net/rfkill/* to use module_platform_driver() 2011-11-30 15:08:27 -05:00
rose net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
rxrpc net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
sched net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
sctp Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
sunrpc Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
tipc net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
unix af_unix: dont send SCM_CREDENTIALS by default 2011-09-28 13:29:50 -04:00
wanrouter wanrouter: Remove kernel_lock annotations 2011-11-07 13:27:30 -05:00
wimax net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
wireless cfg80211: Return beacon loss count in station 2011-12-19 14:34:13 -05:00
x25 Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
xfrm net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
compat.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
Kconfig NFC: add nfc subsystem core 2011-07-05 15:26:57 -04:00
Makefile NFC: add nfc subsystem core 2011-07-05 15:26:57 -04:00
nonet.c
socket.c net: add wireless TX status socket option 2011-11-09 16:01:02 -05:00
sysctl_net.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00